Author: Olly

  • The Mechanify.com SCAMMERS – WARNING

    It makes a refreshing change to be blogging about a new subject, in this post I will be explaining how we had the mickey taken out of us by a bunch of scammers branding themselves up as Mechanify.

    I will start from the beginning…

    They approached us in October of 2014 and required us to look at the KashFlow integration aspect of their new platform called Mechanify.

    What is Mechanify?

    It was supposed to revolutionise the motor repair industry by taking their old fashioned approach and bringing it to the 21st century. I dont think they actually asked any garages if this would be something they would want and just assumed, and pushed on regardless.

    Mechanify Homepage

    We were initially contacted by Lucky Garba, and dealt with their creative director Kevin Barton.

    The main scammer here is a guy that goes by the name “Uvie Ugono” and as well as trying to destroy the motor trade industry he also has some renewable energy scam going off in Nigeria. He bats this about like he deserves a knighthood, but all he really does is sell solar panels to one of the most sun-rich (and cash-poor) countries in the world.

    What went wrong?

    Well, working for Mechanify initially started out OK, they paid their bills and all was well in the world. They got us to do more and more on the site as they were nearing the deadline they had set for themselves. It became apparent that the system was very incomplete – and with the deadline getting nearer by the day they started to panic and got us to do even more work. There were aspects of their overarching business plan that were just non existent within the system so we really had our work cut out for us. You could say we bailed them out the poop – BIG TIME.

    Our team met all deadlines and managed to make Mechanify actually work, and all the time costs were increasing, we were telling them costs were increasing, and they simply told us to carry on; “it will be fine”….

    Once we had completed the work, we then fought for over seven months to get our invoices paid. Then, after roughly eight months of chasing payments (and being promised them multiple times by everyone we spoke to) every single outstanding invoice was unnecessarily scrutinized so we had to spend even more time explaining exactly what each line on our invoices referred to – this would have taken five minutes if they had come back to us straight away, but eight months is a long time to sit on your hands doing nothing!

    Once we explained the bits and bobs (again) and they once again agreed to pay their bills, things seem to settle down…

    Uvie Ugono - One of his many lies

    They agreed to pay within the next few days, but payment didnt arrive so I chased it again (bear in mind we’re over 8 months overdue already at this point)

    Another Uvie lie!

    Then another month passed…. No payment. I chased it once again but this time I bolded some words and said that I would potentially have to go down the legal route if we didnt have something from them soon. Uvie piped up again…

    Uvie Ugono BS

    I felt he was being patronising here – but I let it slide as I wanted him to pay for the work we had done. However a few more days passed and I had to email them all again. I then got this gem from Uvie Ugono;

    Uvie Lols

    Buying sterling on the black market? Is that actually a thing? Also, if they had paid their bills when they were due he wouldn’t have been in Uganda or wherever the hell he claimed to be at the time – so I didnt give 3 shits about his convoluted process – PAY ME MY MONEY!

    Uvie BS

    No-one gives a shit.

    Then, a couple of days later TOTALLY out the blue, this essay arrived in my inbox. Maybe he was mates with one of the scammers ive pissed off in the past? His reasons are unclear, but he decided to erupt at us, blaming us for disabling his website (we hadnt – he is just a bit simple)

    Uvie Ugono

    What a steamy pile of shit.

    Again, he chose to be quite condescending in this email – acting like multi million dollar contracts are more important than the payments he owed to us? Money is money, debts are debts. Pay them and these situations magically dont happen!

    I strongly believe that the reasons this pirate kept fobbing us off is that he was, and probably always has been penniless. If you are an entrepreneur, and do multi million dollar deals every day you dont argue over a £1,400 debt that is owed to a company that have created you your next online business.

    Anyway, after we informed Uvie we hadn’t taken his shitty website down, he went all childish and refused to talk to us again, claiming we had insulted him and we were unprofessional etc etc. It amazes me that someone who is my senior, and is supposed to be some amazing entrepreneur tycoon, could act in such a childish, pathetic manner.

    A few days after this email chain stopped, Lucky rang and apologised for Uvie being a childish moron, and explained how Uvie had reached his conclusion about the site being down, and how he’d decided we were to blame – Lucky then promised to get the debts cleared, even if it was £50 here or there. I was fine with this and thanked him for taking the correct stance on the situation and trying to get it all resolved.

    Unfortunately, we had no further contact from Lucky, thankfully none from Uvie, and Kevin vanished into the fog.

    Along the way Uvie also told us he had resigned from the company as he didnt want to deal with the mess caused by other people any more – yet as of today (15th July 2016) he is still listed as a director.

    We’ve taken the matter to the small claims court and we’ll hopefully retrieve our money that way – but unfortunately the company is now in a position to strike off, according to Companies House.

    mechaify bust

    I wonder how many other suppliers have been ripped off by these scammers? If you have been ripoped off by Mechanify.com or Uvie Ugono then post in the comments below.

    The silver lining that came from this was in the form of our revised T’s and C’s that have stopped this kind of situation from happening again. We also credit and background check every new customer with the hope we can spot the dodgy ones before we start any work!

    Be warned, peeps. There are scammers everywhere!

  • Vulnerability found in WP Mobile Detector plugin for WordPress

    Our security team have reported a new vulnerability found in a commonly used WordPress plugin, called WP Mobile Detector. We are hearing that;

    “The plugin has a new Zero Day vulnerability allowing attacker to exploit a Arbitrary File Upload (AFU) vulnerability. The plugin has been removed from the WordPress repository and does not have an active patch available.”

    Amazingly. the issue seems to be the old TimThumb issue where a hacker can send a certain request to the timthumb file and hey presto they have access to your files and hosting account.

    It seems that attackers have been using this vulnerability to inject SEO spam into websites all over the internet, so if you notice links appearing on pages that you didnt add its likely you’re infected.

    Contact your support team today.

  • XAMPP – Error: Apache shutdown unexpectedly – A fix

    We ran in a problem recently at HQ where after a Windows 10 update some of our team weren’t able to connect Apache on their local development environment.

    At Work, we use Xampp as our local development environment and its worked really well until now. But after a scheduled Windows 10 update some of the team starting getting the error below:

    Error: Apache shutdown unexpectedly.
    This may be due to a blocked port, missing dependencies,
    improper privileges, a crash, or a shutdown by another method.
    Check the “/xampp/apache/logs/error.log” file
    and the Windows Event Viewer for more clues

    After a bit of hunting around and a bit of existing knowledge base in the team, we narrowed it down to another program using port 80 – Xampp’s default port for Apache.

    Here are the steps we took to narrow down the problem and then find the solution.

    1: Establish that it is a block on Port 80:

    To start with you need to establish that this is the problem. The simplest way to do this is to change the Apache port from 80 to 7777

    • With Xampp open, click on Config
    • Select Service and Port Settings
    • You’ll then see the service settings popup which will open on the Apache tab. Change the main port from 80 to 7777 and restart Apache. If you need go to localhost:7777/you-site-name in your browser you should see your site again.

     

    Apache shutdown unexpectedlyNow this got the site working for us (kinda) but we have loads of sites on our local development environment that share config files remotely that would all need to be changed to include the addition of :7777 in the local url.

    So we needed to dig further.

    2. Find out what else is using port 80

    Now the easy fix for this is Skype which listens in on port 80 and can stop Xampp working. To disable this in Skype, use the following steps.

    • Open the Skype window
    • Click on the Tools menu and select Options.
    • Click on the Advanced tab, and go to Connection sub-tab.
    • Untick or uncheck the check box for Use port 80 and 443 as an alternatives for incoming connections option.
    • Click on Save button and then restart Skype to make the change effective.

    But we don’t use Skype. So something else was stopping things from working right.

    By clicking on the Netstat button in Xampp you can see a list of all the programs and applications that are listening to different ports. You can see whats listening in to port 80 and trouble shoot it. For us, port 80 was being listened into by a System app and that’s all we had to go on.

    Netstat

    After a bit of digging we found that there’s a few different problematic system programs that can listen in on port 80 and stop Xampp from working.  As it turned out here are a list of the top 3 common system applications that can cause a problem.

    • Web Deployment Agent Service
    • SQL Server Reporting Services (MSSQLSERVER)
    • World Wide Web Publishing Service

    To stop a process like this to check if its blocking port 80

    • Go to Start
    • Search for services
    • The scroll through the list to find if one of the above is running. When you find it, click the black stop button at the top, restart Apache on Xampp and see if things work again.

    XAMPP Error Fix

    For us it was the World Wide Web Publishing Service. Once it was stopped we were back up and running again.

  • Scammers ringing from EON PHONE SCAM ALERT!

    This article is about an EON phone scam – please show this article to any business owners you may know!

    Last week while my business partner was off, we got a call transferred to me at work, claiming to be a chap from EON needing some info about my meter due to a technical glitch on their system.

    eon phone scamThe gentleman was of indian origin, and sounded like he was in a busy call centre – normally this wouldn’t raise any alarms as this is a common combination of elements, however I know for a fact that EON are based about 5 miles down the road from me and have never used indian call centres since we’ve been with them. Alarm bell number 1.

    He started reading something very scripted, and was informing me about how there had been an issue with my account and that they needed my meter number to ensure my bills were being calculated correctly. 1

    Stop. Alarm bell number 2.

    Never give anyone your meter number over the phone. Ever.

    As soon as they confirm your meter number and details they can start to transfer you to a provider of their choice – one that makes them lots of money!

    I informed the chap I was uncomfortable giving my meter number out over the phone due to what I know and understood about the commercial energy market – he must have had that one before as immediatly he said he could tell me my MPAN number which should verify he was legit. He read me my MPAN number and it was correct – although I informed the guy I still felt uneasy and that if it was really EON that they should send me this request in a letter. He mumbled something then hung up.

    The weekend passed and I thought nothing more of it – at this point I actually thought it was probably a legit call and I had given the chap a hard time on his first day at work or something!

    Monday afternoon – “Ring ring…”

    It was my mate from EON again with the same script he used on Friday, telling me there was an issue with my account and he needed my meter number. I just could not shake the uneasy feeling about giving him – or anyone – my meter number over the phone.

    He then said he would transfer me to his supervisor and I actually heard him ruffle the phone and pass it to someone sat next to him. It was done so unprofessionally, for me it was the last straw. I told him I did not believe he was legitimate and that I wasn’t prepared to give him any info over the phone. He quickly hung up.

    I then rang EON themselves and spoke to a lady who was based in nottingham and I explained to her what had happened – she confirmed it was in fact a scam!

    Its worth noting at this point that EON is not a scam – the scam is a bunch of indians calling you claiming to be from eon, getting your meter number then transferring you to some scammy commercial energy company that they make lots of money from.

    Now I know it’s 100% a scam, the next call we get I will be baiting the scammer a bit to see If I can find out more about the scam – such as who they would move me to if they had all the correct info etc.

    Pointers regarding this issue and why my alarm bells chimed;

    1. The chap didn’t go through any security questions to verify he was legit or I was legit. He used the MPAN number as a way of legitimising the call but this info can be obtained reasonably easily.
    2. The subject he was ringing me about was regarding an issue with my supply/account – so why did it sound so scripted? Surely it would be a one off call from someone in customer services, not a scripted call from a sales monkey?
    3. The professionalism of the call was terrible – he physically passed the phone to a supervisor, he did not transfer it. He was also sketchy about the actual issue, suggesting he knew nothing about it which was puzzling.
    4. He asked for my meter number. EON would never do this.
    5. He was from india, and I know EON use local telesales as a friend worked there!

    I was commended by the lady at EON when I rang them to check, as she said its a big problem for them at the moment. Some customers have given meter numbers, bank details and allsorts over the phone.

    Here are two phone numbers that registered on my phone when they called – they dont seem to work now though;

    • 002063760823
    • 002077286997

    Country code seems to be Egypt but that could easily be masked.

    Stay ScamWise people!

    Please share this article to make everyone aware this is happening.

    EON Phone Scam